The global ransomware attack has made $49,000 — but the attackers will have a hard time claiming it

The WannaCry ransomware notice.gigi.h/Twitter
This weekend's massive cyberattack has made the unidentified attacker behind it more than $49,000 (£37,900) — but they're going to have a hard time claiming it.

With the help of a leaked software exploit developed by the National Security Agency, a US intelligence agency, the ransomware spread to at least 150 countries, wreaking havoc on Britain's National Health Service — where it shut down hospitals and cancelled operations— and the Spanish telecommunications giant Telefónica.

Ransomware bounties are generally paid in bitcoin, a digital currency that keeps its users anonymous. But bitcoin is also traceable — every transaction is written on a public ledger called the blockchain, meaning you can trace any payments throughout the network. According to experts' analysis, the so-called WannaCry ransomware directed ransoms to be paid toward three "wallets."

By examining these wallets, you can see exactly how much has been paid so far. As of writing, it's $49,603 worth of bitcoin, with new payments coming in regularly and no attempts to move the funds or cash out.

This figure is likely to increase as people go into offices around the world on Monday and turn on already infected computers.

The headquarters of the National Security Agency, the US intelligence agency that developed the software exploit used by the WannaCry ransomware.
Digital Trends
So has the unknown attacker just made a cool fifty grand? Not necessarily. Information-security professionals across the globe are watching the three wallets like hawks, and law-enforcement officials are likely motivated to get to the bottom of the attack because of its sheer scale.

"There is definitely a sweet spot for leveraging online crimes. You want to use scale to make money, not enough scale to get LE to wake up," Alex Stamos, Facebook's chief security officer, tweeted on Saturday, referring to law enforcement. "'Hospitals can't operate' is the kind of fact pattern that changes the calculus on assumptions like 'I'll never get extradited.'"

He continued in a series of tweets:

"You see this most often in issues involving child safety, where intentionally obstinate countries all the sudden rediscover LE capabilities. Won't name names, but there is a [three-letter agency] police force that can never find their domestic hackers, but for kidnapping becomes terrifyingly good.

"In the end, many cops are parents, no matter their political masters. Will be interesting to see if this situation triggers same impetus."

Stamos said the attack had the "potential to kick in quiet" cooperation between the intelligence community and law enforcement, and that it was "much easier to hide cryptocurrency tumbling" from London's Metropolitan Police Service than Britain's intelligence agency, Government Communications Headquarters.

ABC Radio National contributor Patrick Gray tweeted: "Whoever did this just became a global LE priority. They'd be well advised to just publish decryption keys and walk away. For real.

"Also, these attackers might not realise that telcos and hospitals are critical infrastructure. That makes it official SIGINT agency business," he added, referring to signals intelligence.

Gray said it wouldn't be just the FBI coming after the attacker, but the NSA, GCHQ, New Zealand's Government Communications Security Bureau, the Australian Signals Directorate, and Canada's Communications Security Establishment.

"That's not a recipe for a peaceful life," he said.

In other words, the WannaCry attack has, in a strange way, been too successful.

Had it been just another moderately effective ransomware campaign, it might have flown under the radar. It certainly wouldn't be receiving the global coverage this weekend's attack has. But once it started forcing children's ambulances to get redirected, it changed the game.